Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

2018-03-07 Thread Mimi Zohar
On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > TPM_CRB driver is the TPM support for ARM64. If it > > is built as module, TPM chip is registered after IMA > > init. tpm_pcr_read() in IMA driver would fail and > > display

Re: [PATCH 1/3 RESEND] tpm: add longer timeouts for creation commands.

2018-03-07 Thread Mimi Zohar
On Wed, 2018-03-07 at 08:54 -0700, Jonathan Corbet wrote: > On Tue, 06 Mar 2018 13:36:36 -0500 > Mimi Zohar wrote: > > > I've heard that some maintainers are moving away from cover letters, > > since they are not included in the git repo and are lost. > > If I

Re: [PATCH 1/3 RESEND] tpm: add longer timeouts for creation commands.

2018-03-07 Thread Mimi Zohar
On Tue, 2018-03-06 at 14:59 -0700, Jason Gunthorpe wrote: > On Tue, Mar 06, 2018 at 01:36:36PM -0500, Mimi Zohar wrote: > > On Tue, 2018-03-06 at 08:32 -0800, James Bottomley wrote: > > > On Tue, 2018-03-06 at 08:06 +, Winkler, Tomas wrote: > > > > > > >

Re: [PATCH 0/9] KEYS: Blacklisting & UEFI database load

2018-03-07 Thread Mimi Zohar
On Tue, 2018-03-06 at 15:05 +0100, Jiri Slaby wrote: > On 11/16/2016, 07:10 PM, David Howells wrote: > > Here are two sets of patches. Firstly, the first three patches provide a > > blacklist, making the following changes: > ... > > Secondly, the remaining patches allow the UEFI database to be use

Re: [PATCH 1/3 RESEND] tpm: add longer timeouts for creation commands.

2018-03-06 Thread Mimi Zohar
On Tue, 2018-03-06 at 08:32 -0800, James Bottomley wrote: > On Tue, 2018-03-06 at 08:06 +, Winkler, Tomas wrote: > > > > > > > > > On Mon, Mar 05, 2018 at 01:09:09PM +, Winkler, Tomas wrote: > > > > > > > > Why you need cover letter?  What are u missing in the patch > > > > description >

Re: [PATCH v3 3/5] tpm: migrate tpm2_probe() to use struct tpm_buf

2018-03-05 Thread Mimi Zohar
Hi Jarkko, On Mon, 2018-03-05 at 18:56 +0200, Jarkko Sakkinen wrote: > In order to make struct tpm_buf the first class object for constructing TPM > commands, migrate tpm2_probe() to use it. > > Signed-off-by: Jarkko Sakkinen With this patch, the Pi doesn't find the TPM.  I'm seeing the followi

Re: [PATCH 2/3] tpm: reduce poll sleep time between send() and recv() in tpm_transmit()

2018-03-05 Thread Mimi Zohar
On Mon, 2018-03-05 at 20:01 +0200, Jarkko Sakkinen wrote: > On Mon, Mar 05, 2018 at 12:56:33PM +0200, Jarkko Sakkinen wrote: > > On Fri, Mar 02, 2018 at 12:26:35AM +0530, Nayna Jain wrote: > > > > > > > > > On 03/01/2018 02:52 PM, Jarkko Sakkinen wrote: > > > > On Wed, Feb 28, 2018 at 02:18:27PM

Re: [PATCH] audit: add containerid support for IMA-audit

2018-03-05 Thread Mimi Zohar
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote: > On 2018-03-05 08:43, Mimi Zohar wrote: > > Hi Richard, > > > > This patch has been compiled, but not runtime tested. > > Ok, great, thank you. I assume you are offering this patch to be > included in

[PATCH] audit: add containerid support for IMA-audit

2018-03-05 Thread Mimi Zohar
Hi Richard, This patch has been compiled, but not runtime tested. --- If the containerid is defined, include it in the IMA-audit record. Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/integrity/ima/ima_api.c b

Re: [RFC PATCH V1 00/12] audit: implement container id

2018-03-05 Thread Mimi Zohar
On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote: > On 2018-03-04 16:55, Mimi Zohar wrote: > > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote: > > > Implement audit kernel container ID. > > > > > > This patchset is a preliminary RF

Re: [RFC PATCH V1 00/12] audit: implement container id

2018-03-04 Thread Mimi Zohar
On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote: > Implement audit kernel container ID. > > This patchset is a preliminary RFC based on the proposal document (V3) > posted: > https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html > > The first patch implements th

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Mimi Zohar
On Sat, 2018-02-17 at 16:26 -0800, h...@zytor.com wrote: > Do you have a description of the gaps you have identified? Probably the 2016 Linux Security Summit (LSS) integrity status update has the best list. http://events17.linuxfoundation.org/sites/events/files/slides/LSS2016- LinuxIntegritySubs

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

2018-02-17 Thread Mimi Zohar
On Fri, 2018-02-16 at 12:59 -0800, H. Peter Anvin wrote: > On 02/16/18 12:33, Taras Kondratiuk wrote: > > Many of the Linux security/integrity features are dependent on file > > metadata, stored as extended attributes (xattrs), for making decisions. > > These features need to be initialized during

Re: [GIT PULL] Integrity: IMA FUSE fixes

2018-02-11 Thread Mimi Zohar
On Mon, 2018-02-12 at 00:19 +1100, James Morris wrote: > On Sat, 10 Feb 2018, Mimi Zohar wrote: > > Custom policy rules could be defined to disable measurement, > > appraisal, and audit for files on fuse.  However, I don't think we > > want to automatically disable mea

[GIT PULL] IMA bug fixes for 4.16-rc1

2018-02-08 Thread Mimi Zohar
Hi James, Here are the remaining 2 FUSE patches. thanks, Mimi The following changes since commit e2598077dc6a26c9644393e5c21f22a90dbdccdb: ima: re-initialize iint->atomic_flags (2018-02-02 21:03:08 +1100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/g

Re: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-02-07 Thread Mimi Zohar
.org > > Cc: linux-security-mod...@vger.kernel.org > > Cc: linux-fsde...@vger.kernel.org > > Cc: Miklos Szeredi > > Cc: Alexander Viro > > Cc: Mimi Zohar > > Cc: Dmitry Kasatkin > > Cc: James Morris > > Cc: Christoph Hellwig > > Acked-by:

Re: [PATCH] ima: define new policy condition based on the filesystem name

2018-02-05 Thread Mimi Zohar
On Mon, 2018-01-15 at 09:19 -0800, Christoph Hellwig wrote: > On Mon, Jan 15, 2018 at 11:40:07AM -0500, Mimi Zohar wrote: > > rootfs IS different than other filesystems, as other filesystems > > uniquely identify the underlying filesystem type.  rootfs can be a > > ramfs or tm

Re: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-02-02 Thread Mimi Zohar
On Fri, 2018-02-02 at 17:10 +0100, Miklos Szeredi wrote: > On Fri, Feb 2, 2018 at 4:33 PM, Mimi Zohar wrote: > > On Fri, 2018-02-02 at 10:20 -0500, Mimi Zohar wrote: > >> Hi Miklos, > >> > >> On Tue, 2018-01-30 at 19:06 +0100, Dongsu Park wrote: > >>

Re: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-02-02 Thread Mimi Zohar
On Fri, 2018-02-02 at 10:20 -0500, Mimi Zohar wrote: > Hi Miklos, > > On Tue, 2018-01-30 at 19:06 +0100, Dongsu Park wrote: > > From: Alban Crequy > > > > This new fs_type flag FS_IMA_NO_CACHE means files should be re-measured, > > re-appraised and re-audited ea

Re: [RFC PATCH v4 1/2] fuse: introduce new fs_type flag FS_IMA_NO_CACHE

2018-02-02 Thread Mimi Zohar
er." Your help in resolving this problem is much appreciated! Mimi > > Cc: linux-kernel@vger.kernel.org > Cc: linux-integr...@vger.kernel.org > Cc: linux-security-mod...@vger.kernel.org > Cc: linux-fsde...@vger.kernel.org > Cc: Miklos Szeredi > Cc: Alexander Viro > Cc:

Re: [GIT PULL] IMA bug fixes for 4.16

2018-02-02 Thread Mimi Zohar
On Fri, 2018-02-02 at 21:07 +1100, James Morris wrote: > On Thu, 1 Feb 2018, Mimi Zohar wrote: > > > Hi James, > > > > Included in this pull request are three bug fixes, assuming the 2 FUSE > > patches are considered bugs and not new features, and a maintainer u

Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs

2018-02-01 Thread Mimi Zohar
On Thu, 2018-02-01 at 11:09 -0600, Rob Landley wrote: > On 02/01/2018 09:55 AM, Mimi Zohar wrote: > > On Thu, 2018-02-01 at 09:20 -0600, Rob Landley wrote: > > > >>> With your patch and specifying "root=tmpfs", dracut is complaining: > >>> > >

[GIT PULL] IMA bug fixes for 4.16

2018-02-01 Thread Mimi Zohar
ce re-appraisal on filesystems with FS_IMA_NO_CACHE (2018-02-01 12:38:31 -0500) Alban Crequy (2): fuse: introduce new fs_type flag FS_IMA_NO_CACHE ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE Mimi Zohar (2):

Re: [RFC PATCH v4 0/2] ima,fuse: introduce new fs flag FS_IMA_NO_CACHE

2018-02-01 Thread Mimi Zohar
On Tue, 2018-01-30 at 19:06 +0100, Dongsu Park wrote: > This patchset v4 introduces a new fs flag FS_IMA_NO_CACHE and uses it in > FUSE. This forces files to be re-measured, re-appraised and re-audited > on file systems with the feature flag FS_IMA_NO_CACHE. In that way, > cached integrity results

Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs

2018-02-01 Thread Mimi Zohar
On Thu, 2018-02-01 at 09:20 -0600, Rob Landley wrote: > > With your patch and specifying "root=tmpfs", dracut is complaining: > > > > dracut: FATAL: Don't know how to handle 'root=tmpfs' > > dracut: refusing to continue > > [googles]... I do not understand why this package exists. > > If you're

Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs

2018-01-31 Thread Mimi Zohar
On Wed, 2018-01-31 at 21:03 -0500, Arvind Sankar wrote: > On Wed, Jan 31, 2018 at 05:48:20PM -0600, Rob Landley wrote: > > On 01/31/2018 04:07 PM, Mimi Zohar wrote: > > > On Wed, 2018-01-31 at 13:32 -0600, Rob Landley wrote:>> (The old "I > > > configured i

Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs

2018-01-31 Thread Mimi Zohar
On Wed, 2018-01-31 at 13:32 -0600, Rob Landley wrote: > On 01/30/2018 03:46 PM, Mimi Zohar wrote: > > Commit 16203a7a9422 ("initmpfs: make rootfs use tmpfs when CONFIG_TMPFS > > enabled") introduced using tmpfs as the rootfs filesystem. The use of > > tmpfs is

[RFC PATCH] rootfs: force mounting rootfs as tmpfs

2018-01-30 Thread Mimi Zohar
, rootfs uses tmpfs. As there must be a valid reason for this check, this patch introduces a new boot command line option named "noramfs" to force rootfs to use tmpfs. Signed-off-by: Mimi Zohar --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ init/do_mounts.c

Re: [RFC PATCH v3 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-29 Thread Mimi Zohar
Hi Alban, On Thu, 2018-01-25 at 06:56 -0500, Mimi Zohar wrote: > > > @@ -228,9 +229,28 @@ static int process_measurement(struct file *file, > > > char *buf, loff_t size, > > >IMA_APPRAISE_SUBM

Re: [RFC PATCH v3 2/2] ima: force re-appraisal on filesystems with FS_IMA_NO_CACHE

2018-01-25 Thread Mimi Zohar
> > @@ -228,9 +229,28 @@ static int process_measurement(struct file *file, char > > *buf, loff_t size, > > IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | > > IMA_ACTION_FLAGS); > > > > - if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->

Re: [RFC PATCH v2] ima,fuse: introduce new fs flag FS_NO_IMA_CACHE

2018-01-22 Thread Mimi Zohar
On Mon, 2018-01-22 at 10:16 +0100, Alban Crequy wrote: > On Fri, Jan 19, 2018 at 5:56 PM, Mimi Zohar wrote: > > On Fri, 2018-01-19 at 11:35 +0100, Alban Crequy wrote: > >> On Thu, Jan 18, 2018 at 10:25 PM, Mimi Zohar > >> wrote: > >> > On Tue, 2018-0

Re: [RFC PATCH v2] ima,fuse: introduce new fs flag FS_NO_IMA_CACHE

2018-01-19 Thread Mimi Zohar
On Fri, 2018-01-19 at 11:35 +0100, Alban Crequy wrote: > On Thu, Jan 18, 2018 at 10:25 PM, Mimi Zohar wrote: > > On Tue, 2018-01-16 at 16:10 +0100, Alban Crequy wrote: > >> From: Alban Crequy > >> > >> This patch forces files to be re-measured, re-appraised

[GIT PULL] IMA bug fix for 4.16

2018-01-18 Thread Mimi Zohar
Hi James, Sorry, here's one last patch for 4.16. thanks, Mimi --- The following changes since commit a2a2c3c8580a9158bca61221648fd6d5c98c443a: ima: Use i_version only when filesystem supports it (2017-12-18 09:43:49 -0500) are available in the git repository at: git://git.kernel.org/p

Re: [RFC PATCH v2] ima,fuse: introduce new fs flag FS_NO_IMA_CACHE

2018-01-18 Thread Mimi Zohar
On Tue, 2018-01-16 at 16:10 +0100, Alban Crequy wrote: > From: Alban Crequy > > This patch forces files to be re-measured, re-appraised and re-audited > on file systems with the feature flag FS_NO_IMA_CACHE. In that way, > cached integrity results won't be used. > > For now, this patch adds the

Re: [PATCH] ima,fuse: introduce new fs flag FS_NO_IMA_CACHE

2018-01-16 Thread Mimi Zohar
> > > > /* > > -* Reset the measure, appraise and audit cached flags either if > > -* ima_inode_setxattr was called or based on policy, forcing > > -* the file to be re-evaluated. > > +* Reset the measure, appraise and audit cached flags either if: > > +

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-16 Thread Mimi Zohar
On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote: > Hi, > > On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park wrote: > > In case of FUSE filesystem, cached integrity results in IMA could be > > reused, when the userspace FUSE process has changed the > > underlying files. To be able to avoid such c

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-15 Thread Mimi Zohar
On Mon, 2018-01-15 at 09:18 -0800, Christoph Hellwig wrote: > On Mon, Jan 15, 2018 at 11:32:41AM -0500, Mimi Zohar wrote: > > For XFS, which considers fsmagic numbers private to the filesystem, > > *always* using the fsmagic number is wrong.  As to whether this is > > true for

Re: [PATCH] ima: define new policy condition based on the filesystem name

2018-01-15 Thread Mimi Zohar
On Mon, 2018-01-15 at 08:27 -0800, Christoph Hellwig wrote: > On Mon, Jan 15, 2018 at 11:20:36AM -0500, Mimi Zohar wrote: > > Some filesystems do not export the filesystem's magic number, as it is > > considered internal, private data. In other cases, the policy rule >

Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

2018-01-15 Thread Mimi Zohar
On Mon, 2018-01-15 at 06:48 -0800, Christoph Hellwig wrote: > On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote: > > In case of FUSE filesystem, cached integrity results in IMA could be > > reused, when the userspace FUSE process has changed the > > underlying files. To be able to avoid s

[PATCH] ima: define new policy condition based on the filesystem name

2018-01-15 Thread Mimi Zohar
c=FILE_CHECK fsname=xfs appraise fsmagic=0x01021994 fsname=rootfs Suggested-by: Dave Chinner Signed-off-by: Mimi Zohar --- Documentation/ABI/testing/ima_policy | 2 +- security/integrity/ima/ima_policy.c | 25 - 2 files changed, 25 insertions(+), 2 deletions(-) diff --

Re: [PATCH 2/2] ima: turn on force option for FUSE in builtin policies

2018-01-12 Thread Mimi Zohar
> diff --git a/security/integrity/ima/ima_policy.c > b/security/integrity/ima/ima_policy.c > index fddef8f8..8de40d85 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -127,6 +127,7 @@ static struct ima_rule_entry default_measurement_rules[] > __

Re: [PATCHv6 1/1] ima: re-introduce own integrity cache lock

2018-01-02 Thread Mimi Zohar
On Wed, 2018-01-03 at 14:16 +1100, Dave Chinner wrote: > On Tue, Jan 02, 2018 at 09:52:03PM -0500, Mimi Zohar wrote: > > On Tue, 2018-01-02 at 17:40 -0800, Darrick J. Wong wrote: > > > [might as well cc linux-xfs] > > > > > > On Thu, Dec 14, 2017 at 12:

Re: [PATCHv6 1/1] ima: re-introduce own integrity cache lock

2018-01-02 Thread Mimi Zohar
On Tue, 2018-01-02 at 17:40 -0800, Darrick J. Wong wrote: > [might as well cc linux-xfs] > > On Thu, Dec 14, 2017 at 12:22:37AM +0200, Dmitry Kasatkin wrote: > > Hi, > > > > Could I ask FS maintainers to test IMA with this patch additionally > > and provide ack/tested. > > We tested but may be yo

Re: [PATCH 11/11] evm: Don't update hmacs in user ns mounts

2017-12-23 Thread Mimi Zohar
On Sun, 2017-12-24 at 00:12 -0500, Mimi Zohar wrote: > Hi Serge, > > On Fri, 2017-12-22 at 22:03 -0600, Serge E. Hallyn wrote: > > On Fri, Dec 22, 2017 at 03:32:35PM +0100, Dongsu Park wrote: > > > From: Seth Forshee > > > > > > The kernel should

Re: [PATCH 11/11] evm: Don't update hmacs in user ns mounts

2017-12-23 Thread Mimi Zohar
hmac_or_hash() to refuse to > > calculate new hmacs for mounts for non-init user namespaces. > > > > Cc: linux-integr...@vger.kernel.org > > Cc: linux-security-mod...@vger.kernel.org > > Cc: linux-kernel@vger.kernel.org > > Cc: James Morris > > Cc: Mimi Zohar >

Re: [Regression 4.15-rc2] New messages `tpm tpm0: A TPM error (2314) occurred continue selftest`

2017-12-21 Thread Mimi Zohar
Hi Paul, On Mon, 2017-12-11 at 13:54 +0100, Paul Menzel wrote: > Dear Jason, > > > On 12/08/17 17:18, Jason Gunthorpe wrote: > > On Fri, Dec 08, 2017 at 05:07:39PM +0100, Paul Menzel wrote: > > > >> I have no access to the system right now, but want to point out, that the > >> log was created b

Re: [Regression 4.15-rc2] New messages `tpm tpm0: A TPM error (2314) occurred continue selftest`

2017-12-08 Thread Mimi Zohar
On Fri, 2017-12-08 at 08:56 -0700, Jason Gunthorpe wrote: > On Fri, Dec 08, 2017 at 12:14:04PM +, alexander.stef...@infineon.com > wrote: > > > Is it really that ugly? I still need delay_msec to increase the > > delay each round. I can see the benefit of your suggestion when it > > is importa

Re: [PATCH] integrity: get rid of unneeded initializations in integrity_iint_cache entries

2017-12-07 Thread Mimi Zohar
On Thu, 2017-12-07 at 07:01 -0500, Jeff Layton wrote: > On Thu, 2017-07-06 at 15:43 -0400, Mimi Zohar wrote: > > On Thu, 2017-07-06 at 10:04 -0500, Serge E. Hallyn wrote: > > > Quoting Jeff Layton (jlay...@kernel.org): > > > > From: Jeff Layton > > > >

Re: [PATCHv5 1/1] ima: re-introduce own integrity cache lock

2017-12-04 Thread Mimi Zohar
Hi Dmitry, On Fri, 2017-12-01 at 20:40 +0200, Dmitry Kasatkin wrote: > The original design was discussed 3+ years ago, but was never > completed/upstreamed. > Based on the recent discussions with Linus > https://patchwork.kernel.org/patch/9975919, I've rebased this patch. > > Before IMA appraisa

Re: [PATCH v4 2/4] tpm: ignore burstcount to improve tpm_tis send() performance

2017-11-27 Thread Mimi Zohar
Hi, Leendert! On Mon, 2017-11-27 at 07:08 +, Leendert van Doorn wrote: > Hmm, this is almost 20 years old code ( > > I think the original code did a burst write and didn't check for > error conditions until the very last byte write. I seem to remember > that there was some text in the origina

Re: [PATCH v4 2/4] tpm: ignore burstcount to improve tpm_tis send() performance

2017-11-26 Thread Mimi Zohar
[Cc'ing Dave and Leendert] Hi Jarkko, > > It seems that the last byte was sent from the beginning (27084ef > > [PATCH] tpm: driver for next generation TPM chips,), does anyone > > remember the reason ? > > Sent from the beginning? I went through the commit logs to see if any of the patch descr

Re: [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-23 Thread Mimi Zohar
On Wed, 2017-11-22 at 19:58 +0100, Luis R. Rodriguez wrote: > I frankly have grown tired of pushing firmware signing just for the sake of > the fact that I needed it for cfg80211, but now that it's out of the way and > we open coded it, it's no longer a requirement on my part. As the keys CFG80

Re: [PATCH v2 06/15] ima: add parser of digest lists metadata

2017-11-20 Thread Mimi Zohar
On Mon, 2017-11-20 at 10:40 +0100, Roberto Sassu wrote: > On 11/19/2017 12:23 AM, Mimi Zohar wrote: > > Hi Serge, > > > > On Fri, 2017-11-17 at 22:20 -0600, Serge E. Hallyn wrote: > >> On Tue, Nov 07, 2017 at 11:37:01AM +0100, Roberto Sassu wrote: > >>

Re: [PATCH v2 06/15] ima: add parser of digest lists metadata

2017-11-18 Thread Mimi Zohar
Hi Serge, On Fri, 2017-11-17 at 22:20 -0600, Serge E. Hallyn wrote: > On Tue, Nov 07, 2017 at 11:37:01AM +0100, Roberto Sassu wrote: > > from a predefined position (/etc/ima/digest_lists/metadata), when rootfs > > becomes available. Digest lists must be loaded before IMA appraisal is in > > enforc

Re: [PATCH v2 00/15] ima: digest list feature

2017-11-17 Thread Mimi Zohar
On Fri, 2017-11-17 at 09:55 +0100, Roberto Sassu wrote: > On 11/17/2017 2:08 AM, Kees Cook wrote: > > On Tue, Nov 7, 2017 at 8:45 AM, Roberto Sassu > > wrote: > >> On 11/7/2017 2:37 PM, Mimi Zohar wrote: > >>> Normally, the protection of kernel memory is ou

Re: [PATCH 0/4] treewide: Fix line continuation formats

2017-11-16 Thread Mimi Zohar
On Thu, 2017-11-16 at 09:17 -0800, Joe Perches wrote: > On Thu, 2017-11-16 at 12:11 -0500, Mimi Zohar wrote: > > On Thu, 2017-11-16 at 07:27 -0800, Joe Perches wrote: > > > Avoid using line continuations in formats as that causes unexpected > > > output. > > &g

Re: [PATCH 0/4] treewide: Fix line continuation formats

2017-11-16 Thread Mimi Zohar
On Thu, 2017-11-16 at 07:27 -0800, Joe Perches wrote: > Avoid using line continuations in formats as that causes unexpected > output. Is having lines greater than 80 characters the preferred method?  Could you add quotes before the backslash and before the first word on the next line instead? Mimi

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-15 Thread Mimi Zohar
On Wed, 2017-11-15 at 21:46 +0100, Luis R. Rodriguez wrote: > On Wed, Nov 15, 2017 at 02:56:57PM -0500, Mimi Zohar wrote: > > On Wed, 2017-11-15 at 18:52 +0100, Luis R. Rodriguez wrote: > > > On Wed, Nov 15, 2017 at 06:49:57AM -0500, Mimi Zohar wrote: > > > > On

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-15 Thread Mimi Zohar
On Wed, 2017-11-15 at 18:52 +0100, Luis R. Rodriguez wrote: > On Wed, Nov 15, 2017 at 06:49:57AM -0500, Mimi Zohar wrote: > > On Tue, 2017-11-14 at 21:50 +0100, Luis R. Rodriguez wrote: > > > > > Johannes made cfg80211 recently just use request_firmware() now via > >

Re: [GIT PULL] Security subsystem: integrity updates for v4.15

2017-11-15 Thread Mimi Zohar
On Mon, 2017-11-13 at 09:05 +1100, James Morris wrote: > Hi Linus, > > Please pull these fixes for the Integrity subsystem. > > (From Mimi) > > "There is a mixture of bug fixes, code cleanup, preparatory code for new > functionality and new functionality. > > Commit 26ddabfe96bb "evm: enable E

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-15 Thread Mimi Zohar
On Tue, 2017-11-14 at 21:50 +0100, Luis R. Rodriguez wrote: > Johannes made cfg80211 recently just use request_firmware() now via commit on > linux-next 90a53e4432 ("cfg80211: implement regdb signature checking") [0] as > he got tired of waiting firmware signing, but note he implemented a signatur

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-14 Thread Mimi Zohar
On Tue, 2017-11-14 at 13:38 +0100, Greg Kroah-Hartman wrote: > On Tue, Nov 14, 2017 at 07:21:38AM -0500, Mimi Zohar wrote: > > On Mon, 2017-11-13 at 14:09 -0800, Linus Torvalds wrote: > > > On Mon, Nov 13, 2017 at 1:44 PM, David Howells > > > wrote: > > > &

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-14 Thread Mimi Zohar
On Mon, 2017-11-13 at 14:09 -0800, Linus Torvalds wrote: > On Mon, Nov 13, 2017 at 1:44 PM, David Howells wrote: > > > > Whilst that may be true, we either have to check signatures on every bit of > > firmware that the appropriate driver doesn't say is meant to be signed or > > not > > bother. >

Re: [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-13 Thread Mimi Zohar
On Mon, 2017-11-13 at 20:51 +0100, Luis R. Rodriguez wrote: > On Mon, Nov 13, 2017 at 02:36:47PM -0500, Mimi Zohar wrote: > > Huh, I kind of lost you here.  What does "it" refer to in the above > > sentence?  IMA is in the kernel.  So, who does what checks in > >

Re: [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-13 Thread Mimi Zohar
On Mon, 2017-11-13 at 20:05 +0100, Luis R. Rodriguez wrote: > On Mon, Nov 13, 2017 at 06:43:34AM -0500, Mimi Zohar wrote: > > + * fw_lockdown_read_file - prevent loading of unsigned firmware > > + * @file: pointer to firmware > > + * @read_id: caller identifier > > + *

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-13 Thread Mimi Zohar
On Sat, 2017-11-11 at 02:32 +, Alan Cox wrote: > > My assumption here is: > > 1) there are some less important and so security-insensitive firmwares, > >by which I mean that such firmwares won't be expected to be signed in > >terms of vulnerability or integrity. > >(I can't give you

[RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-13 Thread Mimi Zohar
If the kernel is locked down and IMA-appraisal is not enabled, prevent loading of unsigned firmware. Signed-off-by: Mimi Zohar --- Changelog v2: - Invert kernel_is_locked_down() test (Luis Rodriguez) - Increase LSM name maximum size (15 bytes + null) (Casey) Changelog v1: - Lots of minor

Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-11 Thread Mimi Zohar
On Fri, 2017-11-10 at 23:39 +0100, Luis R. Rodriguez wrote: > On Fri, Nov 10, 2017 at 04:02:55PM -0500, Mimi Zohar wrote: > > If the kernel is locked down and IMA-appraisal is not enabled, prevent > > loading of unsigned firmware. > > > > Signed-off-by: Mimi Zohar &g

[RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-10 Thread Mimi Zohar
If the kernel is locked down and IMA-appraisal is not enabled, prevent loading of unsigned firmware. Signed-off-by: Mimi Zohar --- Changelog v1: - Lots of minor changes Kconfig, Makefile, fw_lsm.c for such a small patch security/Kconfig | 1 + security/Makefile | 2

Re: [RFC PATCH] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-10 Thread Mimi Zohar
On Fri, 2017-11-10 at 12:58 -0500, Mimi Zohar wrote: > > + > +static struct security_hook_list fw_lockdown_hooks[] = { > + LSM_HOOK_INIT(fw_lockdown_file_check, fw_lockdown_bprm_check) Sigh, that should have been: LSM_HOOK_INIT(kernel_read_file, fw_lockdown_read_file) > +};

Re: [RFC PATCH] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-10 Thread Mimi Zohar
On Fri, 2017-11-10 at 20:35 +0100, Luis R. Rodriguez wrote: > On Fri, Nov 10, 2017 at 12:58:23PM -0500, Mimi Zohar wrote: > > Hi David, > > > > If you are interested in preventing the loading of unsigned firmware, > > the patch below is straightforward.  The patch ha

[RFC PATCH] fw_lockdown: new micro LSM module to prevent loading unsigned firmware

2017-11-10 Thread Mimi Zohar
-appraisal is not enabled, prevent loading of unsigned firmware. Signed-off-by: Mimi Zohar --- security/Kconfig | 1 + security/Makefile | 2 ++ security/fw_lockdown/Kconfig | 6 + security/fw_lockdown/Makefile | 3 +++ security/fw_lockdown

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-10 Thread Mimi Zohar
On Fri, 2017-11-10 at 02:46 +0100, Luis R. Rodriguez wrote: > On Thu, Nov 09, 2017 at 10:48:43AM +0900, AKASHI, Takahiro wrote: > > On Wed, Nov 08, 2017 at 08:46:26PM +0100, Luis R. Rodriguez wrote: > > > But perhaps I'm not understanding the issue well, let me know. > > > > My point is quite simp

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-10 Thread Mimi Zohar
On Thu, 2017-11-09 at 13:46 +0900, AKASHI, Takahiro wrote: > Mimi, > > On Wed, Nov 08, 2017 at 09:17:37PM -0500, Mimi Zohar wrote: > > > > IMHO that should just fail then, ie, a "locked down" kernel should not > > > > want to > > > > *pas

Re: [PATCH v2 00/15] ima: digest list feature

2017-11-09 Thread Mimi Zohar
On Thu, 2017-11-09 at 09:47 -0500, Matthew Garrett wrote: > This seems very over-complicated, and it's unclear why the kernel > needs to open the file itself. You *know* that all of userland is > trustworthy at this point even in the absence of signatures. Assuming the initramfs is signed, then y

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-08 Thread Mimi Zohar
> > IMHO that should just fail then, ie, a "locked down" kernel should not want > > to > > *pass* a firmware signature if such thing could not be done. > > > > Its no different than trying to verify a signed module on a "locked down" > > for > > which it has no signature. > > > > But perhaps I'

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-08 Thread Mimi Zohar
> > Or reflect that IMA-appraisal, if enabled, will enforce firmware being > > validly signed. > > But FWICT lockdown is a built-in kernel thingy, unless lockdown implies IMA > it would not be the place to refer to it. > > It seems the documentation was proposed to help users if an error was cau

Re: [PATCH v2 00/15] ima: digest list feature

2017-11-07 Thread Mimi Zohar
Hi Roberto, On Tue, 2017-11-07 at 11:36 +0100, Roberto Sassu wrote: > IMA is a security module with the objective of reporting or enforcing the > integrity of a system, by measuring files accessed with the execve(), > mmap() and open() system calls. For reporting, it takes advantage of the > TPM a

Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

2017-11-02 Thread Mimi Zohar
On Thu, 2017-11-02 at 22:01 +, David Howells wrote: > Mimi Zohar wrote: > > > Right, it would never get here if the IMA signature verification > > fails.  If sig_enforce is not enabled, then it will also work.  So the > > only case is if sig_enforced is ena

Re: Firmware signing -- Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-02 Thread Mimi Zohar
On Thu, 2017-11-02 at 22:04 +, David Howells wrote: > Mimi Zohar wrote: > > > > Only validly signed device firmware may be loaded. > > > > fw_get_filesystem_firmware() calls kernel_read_file_from_path() to > > read the firmware, which calls into the sec

Re: [PATCH 00/27] security, efi: Add kernel lockdown

2017-11-02 Thread Mimi Zohar
Hi David, From the man page: > Only validly signed modules may be loaded. > .P > Only validly signed binaries may be kexec'd. > .P > Only validly signed device firmware may be loaded. fw_get_filesystem_firmware() calls kernel_read_file_from_path() to read the firmware, which calls into the secu

Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

2017-11-02 Thread Mimi Zohar
On Thu, 2017-11-02 at 21:30 +, David Howells wrote: > Mimi Zohar wrote: > > > By this point, IMA-appraisal has already verified the kernel module > > signature back in kernel_read_file_from_fd(), if it was required. > >  Having a key with which to verify the appende

Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

2017-11-02 Thread Mimi Zohar
On Thu, 2017-11-02 at 17:22 +, David Howells wrote: > #ifdef CONFIG_MODULE_SIG > -static int module_sig_check(struct load_info *info, int flags) > +static int module_sig_check(struct load_info *info, int flags, > + bool can_do_ima_check) > { > int err = -ENOKEY;
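Review bot: the bool can_do_ima_check parameter added to the module_sig_check() signature is undocumented, and a bare true/false at the call sites will not say what is being allowed. A comment at the definition stating which caller may set it, or a named flag in place of the bool, would make the signature-enforcement decision easier to audit.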

Re: [PATCH v5 17/18] ima: Implement support for module-style appended signatures

2017-10-31 Thread Mimi Zohar
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote: Below are a few additional comments. > @@ -200,18 +239,28 @@ int ima_read_xattr(struct dentry *dentry, > */ > int ima_appraise_measurement(enum ima_hooks func, >struct integrity_iint_cache *iint, > -

Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

2017-10-30 Thread Mimi Zohar
[Corrected Matthew Garrett's email address.  Cc'ed Bruno Meneguele] On Mon, 2017-10-30 at 17:00 +, David Howells wrote: > Mimi Zohar wrote: > > > This kernel_is_locked_down() check is being called for both the > > original and new module_load syscalls.  We need

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-30 Thread Mimi Zohar
On Mon, 2017-10-30 at 15:49 +, David Howells wrote: > Mimi Zohar wrote: > > > Huh?!  With the "secure_boot" policy enabled on the boot command line, > > IMA-appraisal would verify the kexec kernel image, firmware, kernel > > modules, and custom IMA policy si

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-30 Thread Mimi Zohar
On Mon, 2017-10-30 at 09:00 +, David Howells wrote: > Mimi Zohar wrote: > > > Yes, that works.  Thanks!  Remember is_ima_appraise_enabled() is > > dependent on the "ima: require secure_boot rules in lockdown mode" > > patch - http://kernsec.org/pipermail

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-29 Thread Mimi Zohar
On Sat, 2017-10-28 at 16:34 +0800, joeyli wrote: > On Fri, Oct 27, 2017 at 03:32:26PM -0400, Mimi Zohar wrote: > > On Thu, 2017-10-26 at 10:17 -0400, Mimi Zohar wrote: > > > On Thu, 2017-10-26 at 15:42 +0800, joeyli wrote: > > > > Hi Mimi, > >

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-28 Thread Mimi Zohar
On Thu, 2017-10-26 at 10:17 -0400, Mimi Zohar wrote: > On Thu, 2017-10-26 at 15:42 +0800, joeyli wrote: > > Hi Mimi, > > > > Thank you for reviewing. > > > > On Mon, Oct 23, 2017 at 11:54:43AM -0400, Mimi Zohar wrote: > > > On Thu, 2017-10-19 at 15:5

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-27 Thread Mimi Zohar
On Thu, 2017-10-26 at 10:17 -0400, Mimi Zohar wrote: > On Thu, 2017-10-26 at 15:42 +0800, joeyli wrote: > > Hi Mimi, > > > > Thank you for reviewing. > > > > On Mon, Oct 23, 2017 at 11:54:43AM -0400, Mimi Zohar wrote: > > > On Thu, 2017-10-19 at 15:5

Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

2017-10-27 Thread Mimi Zohar
On Thu, 2017-10-19 at 15:50 +0100, David Howells wrote: > If the kernel is locked down, require that all modules have valid > signatures that we can verify. > > Signed-off-by: David Howells > --- > > kernel/module.c |3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/

Re: [PATCH v5 12/18] MODSIGN: Export module signature definitions

2017-10-26 Thread Mimi Zohar
On Thu, 2017-10-26 at 20:47 -0200, Thiago Jung Bauermann wrote: > Mimi Zohar writes: > > > On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote: > >> IMA will use the module_signature format for append signatures, so export > >> the relevant definitions

Re: [PATCH v5 00/18] Appended signatures support for IMA appraisal

2017-10-26 Thread Mimi Zohar
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote: > Hello, > > The main highlight in this version is that it fixes a bug where the modsig > wasn't being included in the measurement list if the appraised file was > already measured by another rule. The fix is in the last patch. > > A

Re: [PATCH v5 13/18] PKCS#7: Introduce pkcs7_get_message_sig and verify_pkcs7_message_sig

2017-10-26 Thread Mimi Zohar
rify an already parsed PKCS#7 message. For this > purpose, add function verify_pkcs7_message_signature which takes a struct > pkcs7_message for verification instead of the raw bytes that > verify_pkcs7_signature takes. > > Signed-off-by: Thiago Jung Bauermann Reviewed-b

Re: [PATCH v5 12/18] MODSIGN: Export module signature definitions

2017-10-26 Thread Mimi Zohar
DULE_SIG_FORMAT option so that IMA can select it > and be able to use validate_module_signature without having to depend on > CONFIG_MODULE_SIG. > > Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar One minor comment below... > --- > include/linux/module.h

Re: [PATCH v5 18/18] ima: Write modsig to the measurement list

2017-10-26 Thread Mimi Zohar
On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote: > diff --git a/security/integrity/ima/ima_main.c > b/security/integrity/ima/ima_main.c > index 6a2d960fbd92..0d3390de7432 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -246,7 +246,35

Re: [GIT PULL] Kernel lockdown for secure boot

2017-10-26 Thread Mimi Zohar
On Thu, 2017-10-26 at 17:37 +0100, David Howells wrote: > Hi James, > > Can you pull this patchset into security/next please? > > It adds kernel lockdown support for EFI secure boot. Note that it doesn't yet > cover: > > bpf - No agreement as to how > ftrace - Recently suggeste

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-26 Thread Mimi Zohar
[Cc'ing Matthew Garrett] On Thu, 2017-10-26 at 16:02 +0100, David Howells wrote: > joeyli wrote: > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && > > + !is_ima_appraise_enabled() && > > + kernel_is_locked_down("kexec of unsigned images")) > > This doesn't seem right. It seems

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-26 Thread Mimi Zohar
On Thu, 2017-10-26 at 15:42 +0800, joeyli wrote: > Hi Mimi, > > Thank you for reviewing. > > On Mon, Oct 23, 2017 at 11:54:43AM -0400, Mimi Zohar wrote: > > On Thu, 2017-10-19 at 15:51 +0100, David Howells wrote: > > > From: Chun-Yi Lee > > > > > &

Re: [PATCH v3 2/2] ima: check signature enforcement against cmdline param instead of CONFIG

2017-10-25 Thread Mimi Zohar
On Wed, 2017-10-25 at 13:05 -0200, Bruno E. O. Meneguele wrote: > On 24-10, Mimi Zohar wrote: > > On Tue, 2017-10-24 at 15:37 -0200, Bruno E. O. Meneguele wrote: > > > When the user requests MODULE_CHECK policy and its kernel is compiled > > > with CONFIG_MODULE_SIG
